Following up on our prior coverage (see here and here), this week a federal court denied Plaintiffs’ request for the first-ever injunction under BIPA In re: Clearview AI, Inc. Consumer Privacy Litigation, Case No. 1:21-cv-00135 (N.D. Ill). Read on for the scoop.
Recall that Clearview collects publicly available images on the Internet and organizes them into a searchable database, which Clearview’s licensed users can then search by using Clearview’s app. As described in Clearview’s prior briefing the only information that Clearview stores from the photos are: (1) the URL from which the photo was collected; (2) any metadata associated with the image itself; and (3) the facial vectors from the faces that appear in the image.
Moreover, in response to the BIPA litigation, Clearview has already implemented significant changes to its business practices. However, according to Plaintiffs these measures are inadequate as Clearview “cannot be trusted” to maintain these changes. For these reasons, and others, Plaintiffs requested that the court issue a preliminary injunction enjoining Clearview’s business practices.
In order for the Plaintiffs to demonstrate they were entitled to a preliminary injunction in the litigation, it was required that they establish four elements: “(1) they have a reasonable likelihood of success on the merits; (2) no adequate remedy at law exists; (3) they will suffer irreparable harm, which, absent injunctive relief, outweighs the irreparable harm [Clearview] will suffer if the injunction is granted; and (4) the requested injunction will not harm the public interest.” The court’s opinion which came out earlier this week determined that the consumers failed to demonstrate a likelihood of irreparable harm in the absence of injunctive relief. Their motion for a preliminary injunction was denied.
Notably, the court found that the failure of the Plaintiffs to show that irreparable harm is likely in the absence a preliminary injunction was “dispositive.” The court commented that “Plaintiffs base their irreparable harm argument on what they call the Clearview defendants’ ‘lax security practices’ and two past data breaches of Clearview’s electronic systems.” However–in language familiar to all data privacy litigators–the court found that “Plaintiffs’ general arguments about the possibility of future data breaches and Clearview’s lax security practices suggest a mere possibility of irreparable harm, not that they will likely suffer irreparable harm.” To put it simply, Plaintiffs’ alleged speculative future injuries were not enough to support a preliminary injunction.
The court also rejected concerns Plaintiffs’ raised with the testimony of Clearview’s General Counsel, who testified as a Rule 30(b)(6) witness in the litigation. At that deposition, Clearview’s GC “admitted he was not a cybersecurity expert” and Plaintiffs also took issue with certain “responses about Clearview’s security measures [which] lacked precision.” While the court acknowledged that perhaps the GC was “not the best Rule 30(b)(6) witness to testify about Clearview’s security measures,” “his lack of knowledge does not create a reasonable inference that plaintiffs will likely suffer irreparable harm before final judgment.”
So there you have it. Plaintiffs were unable to show they met the legal standard for a preliminary injunction in regards to their claims under BIPA. However, the litigation remains ongoing and remains a must-watch.